Trend Micro DEEP D ISC OVERY IN S PE CT OR

1 GX^\ ( f] + DATASHEET deep DISCOVERY INSPECTOR DATASHEET Targeted attacks and advanced threats are customized to infiltrate your unique IT infrastructure, evade conventional defenses, and remain hidden while stealing your corporate data. To detect these criminal intrusions, analysts and security experts agree that organizations should deploy advanced threat protection as part of an expanded security monitoring Micro deep Discovery Inspector is an advanced threat protection appliance that provides network-wide visibility and intelligence to detect and respond to targeted attacks and advanced threats. The Inspector monitors all ports and more than 100 protocols to analyze virtually all network traffic, giving you the broadest protection available. Specialized detection engines and custom sandboxing identify and analyze malware, command-and-control (C&C) communications, and evasive attacker activities invisible to standard security.)

2 In-depth detection intelligence aids your rapid response, and is automatically shared with your other security products to create a real-time custom defense against your Micro deep DISCOVERY INSPECTOR Network-Wide Targeted Attack DetectionComprehensive threat detection Monitors all ports and more than 80 protocols to identify attacks anywhere on your network Detect malware, C&C, attacker activity Uses specialized detection engines, correlation rules, and custom sandboxing to detect all aspects of a targeted attack, not just malwareCustom sandboxes Uses images that precisely match your system configurations to detect the threats that target your organizationSmart Protection Network intelligence Global threat intelligence powers detection and the Threat Connect portal for attack investigationBroad system protection Detects attacks against Windows, Mac OS X, Android, Linux, and any systemSingle appliance simplicity and flexibility Simplifies security with a single appliance available in a range of capacities, deployable in hardware or virtual configurations Integrate Into Any Environment Shares indicators of compromise (IOC)

3 With third-party products and services such as HP Tipping Point, IBM and Palo Alto Networks firewalls, Check Point, and othersKEY FEATURESKey BenefitsTargeted attack protection Discovers threats that are invisible to standard security products360-degree visibility and detection Monitors virtually all traffic to detect attacks and reveal your true security postureRapid analysis and response Fully characterizes threat and risk factors to drive a rapid responseLower cost of ownership Simplifies protection and management with a single appliance that lowers TCO corporate networkcritical resourcesmobile devicesDEEP DISCOVERY INSPECTOR2015 Breach Detection TestsMOST EFFECTIVER ecommended BreachDetection SystemTre n d M i c ro deep DiscoveryNSSLABSRECOMMENDEDNSSLABSRECOMM ENDEDGX^\ ) f] + DATASHEET deep DISCOVERY INSPECTOR Threat detection engines An array of specialized detection engines and correlation rules focus on finding malware, C&C, and attacker activities across virtually all network traffic beyond standard HTTP and SMTP.

4 The Smart Protection Network and dedicated threat researchers continuously update these engines and rules. Custom sandbox analysis Custom sandbox analysis using virtual environments that precisely match your system configurations further analyzes suspect files and Web content. Custom sandboxing accurately detects the threats that target your organization, thwarts evasion techniques, and excludes irrelevant malware detections. Watch list A special display provides risk-focused monitoring of high-severity threats and high-value assets. Designated systems can be specifically tracked for suspicious activities and events, and for detailed analysis. Threat connect Threat Connect is a unique information portal that taps the global intelligence of the Trend Micro Smart Protection Network to provide you with the full breadth of available data relevant to a specific attack. This profile includes risk assessment; malware characteristics, origins, and variants; related C attacker profile; and suggested remediation procedures.

5 Central management and SIEM deep Discovery Inspector can be managed via the Trend Micro Control Manager. In addition, it integrates fully with leading SIEM platforms, including HP ArcSight, IBM QRadar, and information sharing deep Discovery Inspector shares IOC information on new sandbox detections with other deep Discovery, Trend Micro , and third-party products, including Palo Alto Networks, HP, IBM, Check Point, and others. Flexible, high-capacity deployment Meets diverse deployment and capacity requirements with a range of hardware and virtual appliances that can handle traffic capacity from 500 Mbps to 4 Gbps. HOW deep DISCOVERY INSPECTOR WORKSDeep Discovery Inspector provides traffic inspection, advanced threat detection, and real-time analysis all purpose-built for detecting targeted attacks. It uses a 3-level detection scheme to perform initial detection, then custom sandbox simulation, and finally, event correlation to discover evasive attacker activities. Detection and correlation engines provide the most accurate and up-to-date protection, powered by global threat intelligence from Trend Micro Smart Protection Network , and dedicated threat researchers.

6 The results are high detection rates, low false positives, and in-depth intelligence designed to speed attack Discovery InspectorThreatDetectionThird-PartyInteg rationThreatConnectSandboxAnalysisWatchL istNETWORK INSPECTION APPLIANCEM@JL8C@Q8K@FE 8E8 CPJ@J 8C8 IDJ I<GFIK@E>Detects and protects against Ta r g e t e d a t t a c k a n d a d v a n c e d t h r e a t s Zero-day malware and document exploits Attacker network activity Web threats, including exploits and drive-by-downloads Phishing, spear phishing, and other email threats Data exfiltration Bots, Trojans, worms, keyloggers Disruptive applicationsGX^\ * f] + DATASHEET deep DISCOVERY INSPECTOR WHY CUSTOM SANDBOXING IS ESSENTIALC ybercriminals are creating custom malware to target your specific environment your desktop and laptop OS, apps, browsers, and more. Since the malware is designed to take advantage of these configurations, the malicious code may not execute in a generic sandbox. The bottom line: custom malware is more likely to go undetected in a generic sandbox that doesn t match your IT environment.

7 Only a custom sandbox can simulate your real IT environment and enable you to:EXPAND YOUR SECURITY STRATEGYDeep Discovery Inspector is part of the deep Discovery platform, delivering advanced threat protection where it matters most to your organization network, email, endpoint, or existing security solutions. You can extend the capabilities of Inspector by adding deep Discovery Analyzer, deep Discovery Endpoint Sensor, or Trend Micro Control Manager, and by sharing Inspector IOC detection intelligence with other DetectionDetection MethodsAdvanced Malware Zero-day & known malware Emails containing embedded document exploits Drive-by downloads Decode & decompress embedded files Custom sandbox simulation Browser exploit kit detection Malware scan (signature and heuristic)C&C Communication C&C communication for all malware: bots, downloaders, data stealing, worms, blended threats, etc. Backdoor activity by attacker Destination analysis (URL, IP, domain, email, IRC channel, etc.)

8 Via dynamic blacklisting, white listing Smart Protection Network reputation of all requested and embedded URLs Communication fingerprinting rulesAttacker Activity Attacker activity: scan, brute force, tool download, etc. Data exfiltration Malware activity: propagation, downloading, spamming, etc. Rule-based heuristic analysis Extended event correlation and anomaly detection techniques Behavior fingerprinting rulesHOW deep DISCOVERY DETECTION WORKSM onitoring 100+ protocols and applications across all network portsDeep Discovery Analyzer is an open, scalable custom sandbox analysis server. The Analyzer can be used to augment the protection capabilities of other Trend Micro solutions as well as third-party security products. The Analyzer can also be used to augment the sandboxing capacity and flexibility of Inspector or to centralize the sandboxing analysis across multiple Inspector Discovery Endpoint Sensor is a context-aware endpoint security monitor that records and reports detailed system-level activities on target endpoints.

9 It can investigate based on targeted attacks discovered by deep Security or by any third-party solution using OpenIOC or YARA files. Discovered IOC data can be used in Endpoint Sensor searches to verify infiltrations and discover the full context, timeline, and extent of the attack. Trend Micro Control Manager provides centralized views, threat investigation, and reporting across deep Discovery Inspector units, as well as central management functions for all deep Discovery and Trend Micro products. Control Manager also acts as a distribution point for sharing newly discovered detection intelligence (C&C, other IOC information) across deep Discovery units, Trend Micro , and third-party products. Clearly identify custom malware targeting your organization your Windows license, your language, your applications, and your mix of desktop environments Thwart sandbox evasion techniques based on generic Windows license, limited standard apps and versions, and English language Ignore malware that does not affect your organization, , targeting other versions of Windows or applications GX^\ + f] + DATASHEET deep DISCOVERY INSPECTOR Inspector Model 500 and 1000 Inspector Model 4000 Sandboxes Supported2 (500) 4(1000)20 Form Factor1U Rack-Mount, cm (19 )2U Rack-Mount, cm (19 ) Kg ( lbs) kg ( lb)Dimensions (WxDxH) ( ) x ( ) x ( ) ( ) x ( ) x ( )

10 Management Ports10/100/1000 BASE-T RJ45 Port x 1 iDrac Enterprise RD45 X 110/100/1000 BASE-T RJ45 Port x 1 Data Ports10/100/1000 BASE-T RJ45 Port x 410Gb SFP+ Direct Attach Copper x 210/100/1000 Base-T RJ45 x 2AC Input Voltage100 to 240 VAC100 to 240 VACAC Input to to 5 AHard Drives2 x 1 TB inch SATA4 x 1TB inch NLSASRAID ConfigurationRAID 1 RAID 1+0 Power Supply550W Redundant750W RedundantPower Consumption (Max)604W847W (Max.)Heat2133 BTU/hr (Max.)2891 BTU/hr (Max.)Frequency50/60 Hz50/60 HzOperating to 35 C (50-95 F)10 to 35 C (50-95 F)Hardware Warranty3 Years3 YearsDeep Discovery Inspector Virtual Appliances are available at 100/250/500/1000 Mbps capacities and are deployable on VMware vSphere 5 and Discovery Platform deep Discovery Inspector is part of the deep Discovery family of interconnected products, delivering network, email, endpoint and integrated protection so you can deploy advanced threat protection where it matters most to your organization. 2015 by Trend Micro Incorporated.